Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (ASCEND) P50 routing on LAN side



At 02:26 PM 1/7/98 -0500, Todd A. Scalzott wrote:
>
>What's happening is that I can see the ARP request make it all the way 
>through from a shell account on a different provider to the P50 and then 
>on through to the firewall.  What the firewall manufacturer tells me is 
>that I need to have the P50 configured with a static route pointing to the 
>external interface of my firewall as a router for the class C.    But the 
>P50 already establishes a /24 route to the ie0 interface:

What is the IP address of the P50? And the external i/f of the firewall?

>ascend% iproute show
>
>Destination        Gateway         IF       Flg   Pref Met     Use     Age
>0.0.0.0/0          205.177.45.89   wan9     SGP    100   1    1539     642
>127.0.0.1/32       -               lo0      CP       0   0       0 7203241
>127.0.0.2/32       -               rj0      CP       0   0       0 7203241
>127.0.0.3/32       -               bh0      CP       0   0       0 7203241
>172.17.1.0/24      -               ie0      C        0   0      94    2669
>172.17.1.2/32      -               lo0      C        0   0       0    2669
>205.177.45.0/24    205.177.45.89   wan9     rGT    100   1       0     509
>205.177.45.0/24    205.177.45.89   wan9     *SG    120   7       0     643
>205.177.45.89/32   205.177.45.89   wan9     rT     100   1      17     509
>205.177.45.89/32   205.177.45.89   wan9     *SP    120   7       2     984
>207.176.66.0/24    -               ie0      C        0   0    8773    2670
>207.176.66.2/32    -               lo0      CP       0   0     124    2670
>255.255.255.255/32 -               ie0      CP       0   0       0     643
>
>
>So something like "iproute add 207.176.66.0/24 207.176.66.40 1" won't 
>work--the existing route will always take precedence.

Maybe experimenting with the second interface address may help?

>Any suggestions here or insight as to what I am missing?  Thanks In 
>Advance.

Is this access the only route into the network that you have the firewall
protecting? (Doubt it, but I have to ask). If it was, then you could have
used the Ascend firewall software on the P50?


Kevin


++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>


Follow-Ups: References: